Should senior IT professionals be liable for breaches?

In Commentaries and Analyses, Legal News
September 01, 2023

In July, SolarWinds CISO Tim Brown and CFO Bart Kalsu received Securities and Exchange Commission notices of potential enforcement action over alleged violation of securities laws. The issue stems from their response to the Russian hack of the Orion network monitoring software in 2020 — a product used by more than 30,000 organisations.

This isn’t the first high-profile instance of a chief information security officer facing individual scrutiny for decisions affecting their organization.

Everyone makes mistakes. But what if your mistakes cost you tens of thousands of dollars in fines, see you facing jail time, or risk the security of millions of other people? Companies now access and handle more personal data than ever before. And regulators are reexamining the significant responsibility that brings.

Read more about the cases involving Uber and TSB at Dark Reading.